Relic · Relic · CVE-2020-36315
Name of the Vulnerable Software and Affected Versions:
RELIC versions prior to 2020-08-01
Description:
The issue allows RSA PKCS#1 v1.5 signature forgery because the checks of the padding and of the first two bytes are inadequate. Forgery requires a low public exponent, such as 3, which is not the default for generated RSA keys.
Recommendations:
If you run a version prior to 2020-08-01, consider updating to a version released after 2020-08-01 to resolve the issue. As a temporary workaround, avoid RSA keys with low public exponents, such as 3.
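A strict form of the padding check named in the description, as an added example that is not RELIC's code: the verifier rebuilds the single valid encoded message and compares all of its bytes, so the first two bytes, the padding length and the absence of trailing data are all enforced at once. The function names, the 512-byte buffer limit and the choice of SHA-256 are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
 * SHA-256 is an assumption of this example, not stated by the advisory. */
static const uint8_t SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Hypothetical helper: build the one valid encoding for a k-byte modulus,
 * EM = 00 01 FF..FF 00 || DigestInfo prefix || hash.
 * Returns 0 on success, -1 if k leaves fewer than 8 padding bytes. */
int pkcs1_encode(uint8_t *em, size_t k, const uint8_t hash[32]) {
    size_t t_len = sizeof(SHA256_PREFIX) + 32;
    if (k < t_len + 11) return -1;
    size_t ps_len = k - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_PREFIX, sizeof(SHA256_PREFIX));
    memcpy(em + 3 + ps_len + sizeof(SHA256_PREFIX), hash, 32);
    return 0;
}

/* Hypothetical helper: em holds s^e mod n as exactly k bytes (leading
 * zeros kept). Returns 1 only if every byte equals the expected encoding;
 * the comparison does not stop at the first mismatch. */
int pkcs1_check(const uint8_t *em, size_t em_len, size_t k,
                const uint8_t hash[32]) {
    uint8_t expected[512];
    uint8_t diff = 0;
    if (em_len != k || k > sizeof(expected)) return 0;
    if (pkcs1_encode(expected, k, hash) != 0) return 0;
    for (size_t i = 0; i < k; i++) diff |= (uint8_t)(em[i] ^ expected[i]);
    return diff == 0;
}
```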